Re: [GNUnet-developers] EdDSA signature process
From: Bernd Fix
Subject: Re: [GNUnet-developers] EdDSA signature process
Date: Wed, 11 Jul 2018 15:54:00 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
Does 0.11.0 change the wire format of the p2p messages? If so, it could
be feasible to change the sign/verify semantics. But if not, it is
better to wait until other (crypto-related) changes make it into the
version that would break compatibility anyway... >Y<
On 07/11/2018 01:38 PM, Devan Carpenter wrote:
> Thanks for the discovery and analysis of this, Bernd.
>
> I wonder if this would be feasible to try to make into the 0.11.0 release..?
>
> Bernd Fix transcribed 1.1K bytes:
>> The EdDSA signature implementation in GNUnet calls the 'gcry_pk_sign
>> (&sig, msg, prv)' function not with the message itself, but with the
>> SHA512 hash value of the message.
>>
>> Due to the intricacies of EdDSA signing this is not necessary (hashing
>> is done in the sign function itself, as more than just the message is
>> hashed for this).
>>
>> Although the GNUnet approach is not breaking things technically, it
>> produces unnecessary load: It is running an extra SHA512 - and because
>> the signed message is usually rather small (from what I have seen until
>> now the signed data is smaller than the 64 bytes of a SHA512 result),
>> the sign function even needs to hash more data than necessary.
>>
>> I guess that changing the sign/verify procedure would break
>> compatibility between new and old nodes and is therefore not feasible. I
>> just want to mention this in case a major version change is considered.
>>
>> Thanks for your attention, Bernd.
>>
>> _______________________________________________
>> GNUnet-developers mailing list
>> address@hidden
>> https://lists.gnu.org/mailman/listinfo/gnunet-developers
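The point made in the quoted mail (Ed25519 already runs SHA-512 over the message inside the sign function, so pre-hashing the message adds work rather than saving it, and changes what is actually signed) can be made concrete. The block below is an added example written for this thread; it is not GNUnet or libgcrypt code. It is a plain, deliberately slow Python implementation of Ed25519 following the RFC 8032 arithmetic, with the SHA-512 calls instrumented to count the bytes hashed. The seed key `SK` and the 40-byte message `MSG` are constructed values, and `compare()` is a helper invented here; it signs the message directly and, GNUnet-style, signs `SHA512(message)` instead, then reports how many bytes went through SHA-512 in each case and whether the two signatures are interchangeable under verification.

```python
"""Ed25519 (RFC 8032 arithmetic) instrumented to count bytes fed to SHA-512.

Added illustration for the thread above; not GNUnet/libgcrypt code and far
too slow for real use. It makes visible that signing already hashes the
message twice (nonce and challenge), so pre-hashing adds a third pass and,
for short messages, increases the total amount of data hashed."""
import hashlib

q = 2**255 - 19                                        # field prime
L = 2**252 + 27742317777372353535851937790883648493    # order of the base point
hashed_bytes = 0                                       # instrumentation counter

def H(m: bytes) -> bytes:
    """SHA-512 that records how many bytes it was asked to hash."""
    global hashed_bytes
    hashed_bytes += len(m)
    return hashlib.sha512(m).digest()

def inv(x): return pow(x, q - 2, q)                    # field inverse (Fermat)
d = (-121665 * inv(121666)) % q                        # curve constant
I = pow(2, (q - 1) // 4, q)                            # sqrt(-1) mod q

def xrecover(y):
    """Recover the even x coordinate for a given y (RFC 8032 decoding)."""
    xx = (y * y - 1) * inv(d * y * y + 1)
    x = pow(xx, (q + 3) // 8, q)
    if (x * x - xx) % q != 0:
        x = (x * I) % q
    return q - x if x % 2 else x

By = (4 * inv(5)) % q
B = (xrecover(By), By)                                 # standard base point

def edwards(P, Q):
    """Twisted Edwards point addition in affine coordinates."""
    x1, y1 = P; x2, y2 = Q
    t = d * x1 * x2 * y1 * y2
    return ((x1 * y2 + x2 * y1) * inv(1 + t) % q, (y1 * y2 + x1 * x2) * inv(1 - t) % q)

def scalarmult(P, e):
    """Left-to-right double-and-add; (0, 1) is the neutral element."""
    Q = (0, 1)
    for bit in bin(e)[2:]:
        Q = edwards(Q, Q)
        if bit == '1':
            Q = edwards(Q, P)
    return Q

def encodepoint(P):
    x, y = P
    return (y | ((x & 1) << 255)).to_bytes(32, 'little')

def decodepoint(s):
    y = int.from_bytes(s, 'little') & ((1 << 255) - 1)
    x = xrecover(y)
    if (x & 1) != (s[31] >> 7):
        x = q - x
    if (-x * x + y * y - 1 - d * x * x * y * y) % q != 0:
        raise ValueError("point not on curve")
    return (x, y)

def Hint(m): return int.from_bytes(H(m), 'little')

def secret_scalar(sk):
    h = H(sk)                                          # SHA-512 #1: expand the 32-byte seed
    a = int.from_bytes(h[:32], 'little')
    a = (a & ((1 << 254) - 8)) | (1 << 254)            # clamp per RFC 8032
    return a, h[32:]

def publickey(sk):
    a, _ = secret_scalar(sk)
    return encodepoint(scalarmult(B, a))

def sign(m, sk, pk):
    a, prefix = secret_scalar(sk)
    r = Hint(prefix + m) % L                           # SHA-512 #2: deterministic nonce over m
    R = encodepoint(scalarmult(B, r))
    S = (r + Hint(R + pk + m) * a) % L                 # SHA-512 #3: challenge over R, A and m
    return R + S.to_bytes(32, 'little')

def verify(sig, m, pk):
    R, A = decodepoint(sig[:32]), decodepoint(pk)
    S = int.from_bytes(sig[32:], 'little')
    if S >= L:
        return False
    h = Hint(sig[:32] + pk + m) % L
    return scalarmult(B, S) == edwards(R, scalarmult(A, h))

def rfc8032_vector_ok():
    """Known-answer check against RFC 8032 test vector 1 (empty message)."""
    sk = bytes.fromhex("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
    pk = publickey(sk)
    sig = sign(b"", sk, pk)
    return (pk.hex() == "d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a" and
            sig.hex() == "e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b")

def bytes_hashed_by(fn, *args):
    """Run fn(*args) and return (result, bytes that passed through SHA-512)."""
    global hashed_bytes
    hashed_bytes = 0
    out = fn(*args)
    return out, hashed_bytes

def compare(msg, sk):
    """Sign msg directly vs. signing SHA512(msg) (the approach described in the mail)."""
    pk = publickey(sk)
    sig_direct, n_direct = bytes_hashed_by(sign, msg, sk, pk)
    sig_pre, n_pre = bytes_hashed_by(lambda m: sign(H(m), sk, pk), msg)
    return {
        "direct_bytes_hashed": n_direct,               # 32 + (32+len) + (64+len) = 128 + 2*len
        "prehashed_bytes_hashed": n_pre,               # len + 32 + 96 + 128      = 256 + len
        "direct_verifies": verify(sig_direct, msg, pk),
        "prehashed_verifies_as_raw": verify(sig_pre, msg, pk),
        "prehashed_verifies_as_prehashed": verify(sig_pre, hashlib.sha512(msg).digest(), pk),
    }

SK = bytes([0x01]) * 32                                # constructed seed, not a real key
MSG = b"constructed 40-byte P2P message payload!"      # constructed sample, 40 bytes

if __name__ == "__main__":
    print(compare(MSG, SK))
```

With this accounting, signing a message of `len` bytes hashes `128 + 2*len` bytes directly but `256 + len` bytes when the message is replaced by its SHA-512 digest, so pre-hashing costs more whenever the message is shorter than 128 bytes (the mail's "smaller than 64 bytes" observation is the common case of that). The second thing the helper shows is why the change is a wire-format matter and not an optimisation that can be slipped in: a signature over `SHA512(m)` does not verify against `m`, so old and new nodes would reject each other's signatures unless both sides switch at once.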